Security Relevance Can’t Be Bought

Lacework is purpose-built for cloud and container security; Palo Alto Networks is employing a duct tape strategy.


Those of us who sweat the details of things like configurations and file integrity monitoring know that complexity and imprecision are our constant enemies. Enterprise data lives and functions in a massively complex, continuously changing state that can never truly be 100% guaranteed secure, so we must find ways to minimize the distortion and make sense of our world. The solution has to be organized and built for the purpose, and it has to be able to consume and understand some incredibly complex things and create order from them.

This is why I started Lacework with my colleague Vikram Kapoor. We realize that true security cannot be left to chance – you need an approach and a reliable solution that has the entirety of your environment covered. Then it has to make sense of this so it can give you an accurate understanding of what’s going on. Only then can you manage it.

Meanwhile, users continue to push new code, spin up accounts, add users, and basically take advantage of technology like cloud and containers, all in an effort to deliver an agile development and operating infrastructure. There’s a lot going on – constant change, new endpoints, and yes, new vulnerabilities. The Lacework approach is purpose-built for these environments and it applies a sense of order and consistency that helps security and compliance teams get the visibility they need to avoid breaches, maintain compliance, and reduce the burden and cost on their IT teams.

Customers Want Security, Not a Strategy

Surprisingly, some security vendors see the confusion in the problem and apply confusion to the solution. Palo Alto Networks has taken the approach that variety and inconsistency make for a compelling security story. Even after spending $1 billion (about 1/3 of its available cash) they still only have a network-level solution and no answer for modern cloud ecosystems which are being built around containers and Kubernetes.

With these moves, Palo Alto Networks is validating the future of security. We applaud the focus, but it’s clearly a defensive move in an effort to stave off a very unprofitable future as a firewall vendor. The problem is that they’re applying a disjointed strategy so customers see a menu of solutions that make sense on paper but don’t work in reality.

Palo Alto Networks now has a heavy burden as it tries to evolve through acquisition from firewall vendor to a security provider for modern environments. The problem is that the cloud is not a product, it’s a paradigm shift, and every aspect of a modern business – building, selling, supporting, scaling – is changing as a result of it. The cloud gives companies a way to automate, adapt, and grow. For Palo Alto Networks, even after buying these companies, they are still relying on old network-based visibility with a rules-based approach. That’s a non-starter for the cloud.

Their first foray was with, a well-timed product intended to plop them squarely into the cloud security market. has enthusiastic customers, but for some reason, Palo Alto essentially end-of-life the product. Then they bought RedLock which is the very same product, albeit one with a network-centric approach to a cloud problem. Customers are now being forced to replace a product which has been in the Palo Alto Networks portfolio for less than one year. And to add to the confusion, they eliminated their channel partners with a strategy that makes RedLock available only through referrals.

That’s a lot of change and a confusing swath of solution approaches, each solving for different aspects of cloud security. Yet, none of them appear to be destined to work together.

Cloud Security is Not a Menu

Clearly it has been onerous for the company to figure out how to move from being a hardware vendor to a cloud player. Give them credit, because they recognize the economic imperative. To keep shareholders happy, they needed a new profit engine. But what Palo Alto Networks fails to recognize is that supporting cloud customers is not about who has the biggest menu of options. It’s about delivering to customers a solution that is built for the new paradigm of the cloud and for how organizations need to operate today, and in the future.

The strategy of acquisition now looks like a mix of old and new products that are being repackaged in an attempt to exploit existing customer relationships., RedLock…traps, and Palo Alto’s virtual firewall. All these products, yet no cohesion. And a lot of confusion. After all, what is a customer to think, how are they to structure a security posture if they’re being sold a new flavor every other quarter? As Warren Buffett once pointed out, buying companies is fun. The hard part is creating a coherent product, maintaining it, all while continuing to innovate. Will Palo Alto be able to turn its firewall mindset into a cloud factory? And do organizations want to trust their security to a company that has yet to figure that out?

Customers will not be duped with go-to-market models that promise end-to-end security but deliver only a complicated, unintegrated set of point products. Customers don’t want surprises, and they aren’t interested in incompatible tools showing up on the price list every few quarters. What’s important to them is the security of their data, resources, and assets.

Eliminate the Security Confusion

There’s no cloud-washing in the Lacework approach. We have been, since day one, purpose-built for cloud and container environments. Our approach uses the cloud to secure the cloud; we don’t limit visibility just to rules-based activity nor just to the identification of threats. We evaluate and analyze an organization’s events and activity to identify anomalous behavior which gives our customers a comprehensive view of risks across the entirety of their cloud workloads and containers. This results in unprecedented visibility, the automation application of intrusion detection, one-click investigation, and an approach that adapts as behaviors change.

It’s appropriate to adopt the now-famous adage about software, and confidently say that cloud software is now eating the world. As that happens, Lacework is the only solution that implements a comprehensive security solution that runs at scale, and at the speed of modern business.

I encourage you to see just how Lacework operates with a Free Cloud Risk and Threat Assessment of your cloud and container environments. It’s a free assessment that will deliver a comprehensive overview of compliance misconfigurations, vulnerabilities, anomalies, or hidden threats within your cloud footprint.